In Kubernetes, secrets are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. This module will cover the basics of Kubernetes secrets, how to create and manage them, and how to use them in your applications.

Key Concepts

  1. What are Secrets?

    • Secrets are objects in Kubernetes that store sensitive data.
    • They help keep sensitive information secure and separate from application code.
  2. Types of Secrets

    • Opaque: Default type, used for arbitrary user-defined data.
    • Service Account Token: Automatically created by Kubernetes for service accounts.
    • Docker Config: Used for storing Docker registry credentials.
    • Basic Authentication: Stores credentials for basic authentication.
    • SSH Authentication: Stores SSH keys.
  3. Encoding

    • Secret values are stored base64-encoded, not encrypted by default; anyone who can read the Secret object can decode them.
    • Base64 encoding lets arbitrary (including binary) data be carried in the YAML/JSON object; it provides no confidentiality.

Creating Secrets

Using kubectl

You can create secrets using the kubectl command-line tool.

Example: Creating a Secret from Literal Values

kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret

Example: Creating a Secret from a File

kubectl create secret generic my-secret --from-file=path/to/secret/file

Using YAML

You can also define secrets in a YAML file and apply them using kubectl.

Example: Secret YAML Definition

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=  # base64 encoded 'admin'
  password: c2VjcmV0  # base64 encoded 'secret'

Apply the secret using:

kubectl apply -f secret.yaml
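The manifest above is usually hand-written, which is where encoding mistakes creep in. The following shell function is an added example (not part of the original module) that builds an Opaque Secret manifest from key=value literals locally, so the encoded YAML can be reviewed before kubectl apply. It assumes POSIX sh and a base64 command (GNU coreutils or BSD); the function names secret_manifest and b64_nonl are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original module): build an Opaque Secret
# manifest from key=value literals without touching the cluster, so the
# encoded YAML can be reviewed (or diffed) before `kubectl apply`.
# Assumptions: POSIX sh plus a `base64` command (GNU coreutils or BSD).

# b64_nonl VALUE: base64-encode VALUE exactly as given.
# printf '%s' (not echo) avoids appending a newline to the plaintext, and
# tr strips the line wrapping GNU base64 adds to long values, so the
# output is a single token that fits on one YAML line.
b64_nonl() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# secret_manifest NAME KEY=VALUE [KEY=VALUE ...]: print a v1 Secret of
# type Opaque whose data: map holds each value base64-encoded.
secret_manifest() {
    name="$1"
    shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
    for kv in "$@"; do
        key="${kv%%=*}"          # text before the first '='
        value="${kv#*=}"         # everything after it (values may contain '=')
        printf '  %s: %s\n' "$key" "$(b64_nonl "$value")"
    done
}

# Usage: write the manifest to a file, review it, then apply it:
#   secret_manifest my-secret username=admin password=secret > secret.yaml
#   kubectl apply -f secret.yaml
secret_manifest my-secret username=admin password=secret
```

The generated data: lines match the YAML example above (username: YWRtaW4=, password: c2VjcmV0). Keep the resulting file out of version control, or treat it like the plaintext it trivially decodes to.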

Using Secrets in Pods

Secrets can be used in pods as environment variables or mounted as files.

Using Secrets as Environment Variables

Example: Pod Definition with Secret Environment Variables

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    env:
    - name: USERNAME
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: username
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: password

Mounting Secrets as Files

Example: Pod Definition with Secret Volume

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    volumeMounts:
    - name: secret-volume
      mountPath: "/etc/secret"
      readOnly: true
  volumes:
  - name: secret-volume
    secret:
      secretName: my-secret

Practical Exercise

Exercise: Create and Use a Secret

  1. Create a Secret

    • Create a secret named db-secret with the following data:
      • username: dbuser
      • password: dbpassword
  2. Use the Secret in a Pod

    • Create a pod named db-pod that uses the db-secret to set environment variables DB_USER and DB_PASS.

Solution

  1. Create the Secret

kubectl create secret generic db-secret --from-literal=username=dbuser --from-literal=password=dbpassword

  2. Pod Definition

apiVersion: v1
kind: Pod
metadata:
  name: db-pod
spec:
  containers:
  - name: db-container
    image: my-db-image
    env:
    - name: DB_USER
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    - name: DB_PASS
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password

Apply the pod definition:

kubectl apply -f db-pod.yaml

Common Mistakes and Tips

  • Base64 Encoding: Values under data: must be base64-encoded. Use echo -n 'your-string' | base64 to encode them; without -n, echo appends a newline that gets encoded into the secret, and the application receives 'your-string\n' instead of 'your-string'.
  • Access Control: Use Role-Based Access Control (RBAC) to restrict who can get, list and watch Secrets; list and watch return the full contents of every Secret in scope, so grant them as narrowly as get.
  • Encryption: Consider enabling encryption at rest for secrets in your Kubernetes cluster (an EncryptionConfiguration on the API server); otherwise they are stored in etcd base64-encoded only.
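To make the first tip concrete, the following shell snippet is an added example (not part of the original module) that shows the trailing-newline mistake side by side with the correct encoding, and a check that flags an already-encoded value whose plaintext ends in a newline. It assumes POSIX sh and base64 -d (GNU coreutils; older macOS uses -D); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original module): demonstrate the
# trailing-newline mistake from the tips above and a check that catches it
# in an already-encoded data: value. Assumes POSIX sh and `base64 -d`.

# A literal newline, used below in a pattern match.
NL='
'

# decode_secret_value B64: print the plaintext behind a data: value.
# The same decoding step is used on live objects, e.g.
#   kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 -d
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# encode_with_echo VALUE: the common mistake. `echo` appends '\n', so the
# stored secret becomes "VALUE\n" and a consumer that uses it verbatim fails.
encode_with_echo() {
    echo "$1" | base64 | tr -d '\n'
}

# encode_correctly VALUE: printf '%s' writes the bytes of VALUE and nothing else
# (equivalent to `echo -n` where echo supports it).
encode_correctly() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# has_trailing_newline B64: succeed (exit 0) when the decoded value ends in a
# newline, i.e. when it was most likely produced with plain echo.
has_trailing_newline() {
    # Append a sentinel so command substitution cannot strip the final newline,
    # then remove the sentinel again.
    decoded="$(printf '%s' "$1" | base64 -d; printf x)"
    decoded="${decoded%x}"
    case "$decoded" in
        *"$NL") return 0 ;;
        *)      return 1 ;;
    esac
}

# Demonstration: the two encodings of the same plaintext differ.
echo "with echo:   $(encode_with_echo secret)"      # c2VjcmV0Cg==
echo "with printf: $(encode_correctly secret)"      # c2VjcmV0
if has_trailing_newline "$(encode_with_echo secret)"; then
    echo "echo-encoded value carries a trailing newline"
fi
```

Run has_trailing_newline over each data: value of a manifest before applying it; a hit almost always means the value was encoded with echo instead of echo -n or printf.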

Conclusion

In this section, we covered the basics of Kubernetes secrets, including how to create and manage them, and how to use them in your applications. Understanding secrets is crucial for managing sensitive information securely in your Kubernetes environment. In the next module, we will explore environment variables and how they can be used to configure your applications in Kubernetes.
